Board Members' Lack of Security Awareness Puts Businesses at Risk of Cyber Attacks, Finds Savanti Report

Sep 15, 2023 10:19:45 AM By Stu Sjouwerman

A report from cybersecurity consultancy Savanti reveals that board members are facing challenges in understanding cyber risks, and this has important implications for businesses.

No Dice for MGM Las Vegas as It Battles Fallout from Ransomware Attack After a 10-minute Vishing Scam

Sep 14, 2023 4:03:51 PM By Stu Sjouwerman

DEVELOPING STORY. SCROLL DOWN FOR MORE.

MGM Suffers Ransomware Attack that Started with a Simple Helpdesk Call

Sep 14, 2023 3:56:43 PM By Stu Sjouwerman

As the aftermath unfolds, the details around the recent attack on MGM Resorts provides crucial insight into the attacks impact, who’s responsible, and how it started.

Can Someone Guess My Password From the Wi-Fi Signal On My Phone?

Sep 14, 2023 7:41:24 AM By Martin Kraemer

Cybercriminals can't ascertain your phone password just from a Wi-Fi signal, but they can come close according to a method described in a recent research paper. Researchers have ...

Can You Guess Common Phishing Themes in Southeast Asia?

Sep 13, 2023 9:07:52 AM By Stu Sjouwerman

Researchers at Cyfirma outline trends in phishing campaigns around the world, finding that Singapore is disproportionately targeted by phishing attacks.

AP Stylebook Data Breach Compromises Customer Personal Information

Sep 12, 2023 2:32:48 PM By Stu Sjouwerman

The Associated Press (AP) has disclosed a data breach affecting the legacy AP Stylebook website that led to phishing attacks against impacted customers, BleepingComputer reports.

CyberheistNews Vol 13 #37 Scary New IT Admin Attack Exposes Your MFA Weakness

Sep 12, 2023 9:00:00 AM By Stu Sjouwerman

Phishing Scammers are Using Artificial Intelligence To Create Perfect Emails

Sep 12, 2023 8:00:00 AM By Stu Sjouwerman

Phishing attacks have always been detected through broken English, but now generative artificial intelligence (AI) tools are eliminating all those red flags. OpenAI ChatGPT, for instance, ...

Cybercriminals Selling "Golden Tickets" to Phish Microsoft 365... $500,000 in Sales in 10 Months

Sep 12, 2023 7:45:00 AM By Stu Sjouwerman

In the movie, "Willy Wonka and the Chocolate Factory," kids unwrap chocolate bars in hopes of winning a golden ticket, giving the holder an inside tour of the sugar factory. The W3LL ...

Microsoft Teams Phishing Campaign Distributes DarkGate Malware

Sep 11, 2023 8:55:42 AM By Stu Sjouwerman

Researchers at Truesec are tracking a phishing campaign that’s distributing the DarkGate Loader malware via external Microsoft Teams messages.

[dot]US Domain Exploited for Phishing

Sep 8, 2023 8:14:23 AM By Stu Sjouwerman

The Interisle Consulting Group has published a paper looking at the phishing landscape in 2023, KrebsOnSecurity reports. Notably, Interisle found that the .us top-level domain is being ...

Organizations Tie Executive Pay to Cybersecurity Performance Hoping To Enhance Protection Against Hackers

Sep 8, 2023 8:13:59 AM By Stu Sjouwerman

Organizations have started to recognize the importance of tying executive pay to cybersecurity metrics. This practice is gaining traction among the largest U.S. companies, with nine ...

New Telekopye Phishing Toolkit Uses Telegram-Based Bots To Turn Novice Scammers into Experts

Sep 8, 2023 8:13:13 AM By Stu Sjouwerman

The Telekopye toolkit allows scammers to create phishing websites, send fraudulent SMS messages and emails, and target popular Russian and non-Russian online marketplaces.

Brand Impersonation Hits a New High with as Many as 73 Lookalike Domains Per Brand

Sep 8, 2023 8:12:44 AM By Stu Sjouwerman

The use of lookalike domains has reached critical mass with not just one counterfeit website, but many.

Ransomware Attacks Speed up 44% Leaving Less Time for Detection and Response

Sep 8, 2023 8:12:00 AM By Stu Sjouwerman

New data suggests that the gangs and toolkits behind current ransomware attacks are materially improving their abilities, resulting in a speeding up of attacks before defenses kick in.

Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods

Sep 8, 2023 8:00:00 AM By Stu Sjouwerman

Inadequate authentication measures leave your digital identity vulnerable to cybercriminals. Tools like multi-factor authentication, biometrics, passwords, PINs and tokens are more ...

Scary New IT Admin Attack Exposes Your MFA Weakness

Sep 7, 2023 8:44:27 AM By Stu Sjouwerman

Identity and authentication management provider Okta has warned of social engineering attacks that are targeting IT workers in an attempt to gain administrative privileges within ...

CISA Says to Exercise Caution For Disaster-Related Malicious Scams

Sep 6, 2023 9:45:36 AM By Stu Sjouwerman

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that scammers are exploiting the recent hurricanes that have hit the US. Criminals frequently impersonate ...

CyberheistNews Vol 13 #36 [Must Know] Top 10 Trends in Business Email Compromise for 2023

Sep 6, 2023 9:00:00 AM By Stu Sjouwerman

How Secure Is Your Authentication Method?

Sep 6, 2023 8:53:21 AM By Roger Grimes

I frequently write about authentication, including PKI, multi-factor authentication (MFA), password managers, FIDO, Open Authentication, and biometrics. I have written dozens of articles ...

Security Awareness Training Blog

View Topics